[Dnsmasq-discuss] TCP queries are refused if upstream server is specified with interface
stappers at hendrikx-itc.nl
Fri Sep 13 12:54:28 BST 2019
On 13-09-2019 13:00, Tore Anderson wrote:
> Start out with the following /etc/dnsmasq.conf, replacing «wlp2s0» as appropriate:
> server=184.108.40.206@wlp2s0
> Start Dnsmasq and send it a TCP query:
> $ src/dnsmasq -d -p 5333
> dnsmasq: started, version 2.80-72-ge24abf2 cachesize 150
> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify dumpfile
> dnsmasq: using nameserver 220.127.116.11#53(via wlp2s0)
> dnsmasq: cleared cache
> $ dig @127.0.0.1 -p 5333 fud.no A +vc | grep HEADER
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2916
> Output from Dnsmasq following the above query:
> dnsmasq: query[A] fud.no from 127.0.0.1
> dnsmasq: config error is REFUSED
> It makes no attempt to contact the upstream server.
> If I remove «@wlp2s0» from the server config, it works fine.
To me that reads: wlp2s0 cannot reach 18.104.22.168
> A practical consequence of this bug is that I cannot resolve any domain names under *.org with DNSSEC enabled. The initial UDP query results in a truncated answer, so libc/dig retries in TCP mode and fails.
> Note that NetworkManager automatically configures the upstream DNS servers with a specific interface via D-Bus, this behaviour appears hard-coded.
FWIW: I have also experienced that NetworkManager can be quite dominant.
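
A check for the symptom reported in this thread, added here as an example (it is not part of either poster's message and not Dnsmasq code): it sends the same query over UDP and over TCP and compares the response codes. The function names are hypothetical; the address, port 5333 and the name fud.no are taken from the quoted reproduction.

```python
import socket
import struct

REFUSED = 5  # DNS RCODE 5, the status dig printed for the TCP query

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, truncated) from the flags word of a DNS response."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", msg[2:4])[0]
    return flags & 0x000F, bool(flags & 0x0200)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def query_udp(server, port, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, port))
        return parse_header(s.recvfrom(4096)[0])

def query_tcp(server, port, name, timeout=3.0):
    q = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)  # DNS over TCP: 2-byte length prefix
        length = struct.unpack("!H", recv_exact(s, 2))[0]
        return parse_header(recv_exact(s, length))

def classify(udp, tcp):
    """udp and tcp are (rcode, truncated) tuples for the same question."""
    if tcp[0] == REFUSED and udp[0] != REFUSED:
        # Truncated UDP plus refused TCP leaves the client with no usable answer.
        return "truncated-then-refused" if udp[1] else "tcp-refused-only"
    return "consistent" if udp[0] == tcp[0] else "rcode-mismatch"

if __name__ == "__main__":
    udp, tcp = (f("127.0.0.1", 5333, "fud.no") for f in (query_udp, query_tcp))
    print("udp", udp, "tcp", tcp, "->", classify(udp, tcp))
```
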